Mutable Attestation or Measurement Reporting Data

Incomplete Base

Structure: Simple

Description

The register contents used for attestation or measurement reporting data to verify boot flow are modifiable by an adversary.

Extended Description

A System-on-Chip (SoC) implements secure boot or verified boot. During this boot flow, the SoC often measures the code that it authenticates. The measurement is usually done by calculating the one-way hash of the code binary and extending it to the previous hash. The hashing algorithm should be a Secure One-Way hash function. The final hash, i.e., the value obtained after the completion of the boot flow, serves as the measurement data used in reporting or in attestation. The calculated hash is often stored in registers that can later be read by the party of interest to determine tampering of the boot flow. A common weakness is that the contents in these registers are modifiable by an adversary, thus spoofing the measurement.

Common Consequences 1

Scope: Confidentiality

Impact: Read MemoryRead Application Data

Potential Mitigations 1

Phase: Architecture and Design

Measurement data should be stored in registers that are read-only or otherwise have access controls that prevent modification by an untrusted agent.

Demonstrative Examples 1

The SoC extends the hash and stores the results in registers. Without protection, an adversary can write their chosen hash values to these registers. Thus, the attacker controls the reported results.

To prevent the above scenario, the registers should have one or more of the following properties: - Should be Read-Only with respect to an adversary - Cannot be extended or modifiable either directly or indirectly (using a trusted agent as proxy) by an adversary - Should have appropriate access controls or protections

References 2

PCIe Device Measurement Requirements

Intel Corporation

09-2018

https://www.intel.com/content/dam/www/public/us/en/documents/reference-guides/pcie-device-security-enhancements.pdf

ID: REF-1107

BIOS Chronomancy: Fixing the Core Root of Trust for Measurement

John Butterworth, Cory Kallenberg, and Xeno Kovah

31-07-2013

https://media.blackhat.com/us-13/US-13-Butterworth-BIOS-Security-Slides.pdf

ID: REF-1131

Applicable Platforms

Languages:

Not Language-Specific : Undetermined

Technologies:

Not Technology-Specific : Undetermined

Modes of Introduction

Architecture and Design

Implementation

Related Attack Patterns

680
Integer Overflow to Buffer Overflow

Related Weaknesses

ChildOf:

Improper Access Control (CWE-284)

Notes

MaintenanceThis entry is still in development and will continue to see updates and content improvements.